
Plesk won't work with IPTables

Discussion in 'Plesk for Linux - 8.x and Older' started by echolima, Dec 11, 2005.

  1. echolima

    I have installed Plesk to try it on a Fedora Core 2 server. I am behind a router and don't know quite how to configure iptables. If I turn iptables off I can get to the admin section but cannot if I turn on the iptables. Any help and/or advice would be appreciated. Thank you.
     
  2. serve-you.net

    Plesk runs on TCP port 8443, so add a rule to iptables to allow TCP 8443.

    If you aren't comfortable managing iptables rules manually, I'd recommend using apf as it is very robust, and has pretty easy to use configuration files.
     
  3. echolima

    I knew I had to add port 8443 and a few other ports but how do I enter that in iptables? Does anybody have any examples I can go from?
     
  4. serve-you.net

    The easiest way to do it (on a RH based system) is simply edit /etc/sysconfig/iptables & restart iptables after you make the changes. The rules themselves would look something like:

    -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

    etc...
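
Added example, not part of the original thread or of Plesk: iptables uses the first matching rule, so ACCEPT lines placed after a catch-all REJECT or DROP in the INPUT chain never take effect. The script below inserts the ports from the post above ahead of that rule in an iptables-save style file; `allow_tcp_ports` and `sample_rules` are hypothetical names, and the sample ruleset is constructed.

```shell
# Usage: allow_tcp_ports RULES_FILE PORT...   (new ruleset goes to stdout)
# Adds INPUT ACCEPT rules before the catch-all REJECT/DROP, or before COMMIT.
allow_tcp_ports() {
    file=$1; shift
    awk -v ports="$*" '
        function emit(   i, n, p) {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++)
                if (!(p[i] in have))
                    print "-A INPUT -p tcp -m tcp --dport " p[i] " -j ACCEPT"
            done = 1
        }
        # Pass 1: note ports that already have an INPUT ACCEPT rule.
        NR == FNR {
            if ($0 ~ /^-A INPUT / && $0 ~ /-j ACCEPT$/)
                for (i = 1; i < NF; i++)
                    if ($i == "--dport") have[$(i + 1)] = 1
            next
        }
        # Pass 2: copy the file, adding the rules once, inside *filter only.
        /^\*/ { table = $0 }
        table == "*filter" && !done &&
            (/^-A INPUT -j (REJECT|DROP)/ || $0 == "COMMIT") { emit() }
        { print }
    ' "$file" "$file"
}

# Constructed sample ruleset (not taken from the thread).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: add the four ports from the post above to the sample (80 is skipped).
tmp=$(mktemp) && sample_rules > "$tmp"
allow_tcp_ports "$tmp" 8443 443 80 25
rm -f "$tmp"
```

On a live host, write the output to a temporary file and check it with `iptables-restore --test` before installing it as /etc/sysconfig/iptables and restarting iptables.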
     
  5. echolima

    What are the risks of having the iptables off if behind a router?
     
  6. serve-you.net

    Obviously the risks are much higher if you are not filtering on the server, and do not have a real firewall between it and the internet. That being said, a firewall in and of itself won't protect your server. It is just another layer of security. Your server will most likely be compromised through a port that you must allow through the firewall anyway (http, dns, smtp, etc). However, if used in conjunction with something like BFD, and/or mod_evasive you can at least mitigate such attacks. BFD is cool because it works in conjunction with APF. You set a threshold, and it "watches" the ports you tell it to. When someone tries to brute force attack a port/service, it will automatically inject a rule into your iptables for the offending IP.

    There are a lot of things you can do to help secure your server, but as it has been said in the past, the only way to secure a server is to turn it off.
     